Shawn Wright wrote:
> During times when our proxy is being assaulted by spyware, it spends a
> great deal of CPU time logging these denials. I would like to explore the
> possibility of one or more of the following:
> -limiting max # of connections allocated to a single IP per minute, since
> delay pools won't help when all the connections are denials (I don't
> think).

The maxconn acl type can do this, though I believe Squid will still log a
TCP_DENIED for each request over the limit. Probably not the solution you
are looking for.

You could use a program to tail the access.log (a simple Perl script could
do it) and block an IP address using the OS's firewall if the number of
denied requests passes a certain threshold.

Adam
Received on Thu Dec 02 2004 - 16:19:26 MST
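
The tail-and-block idea from the reply above, sketched in Python rather than Perl as an added example (not code from the thread): it counts TCP_DENIED entries per client in a sliding window over Squid's native access.log format and returns the addresses that cross the limit. The 60-second window, the threshold of 5, the function names and the sample lines are assumptions; the firewall call itself is left to the caller.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_SECONDS = 60  # assumed window ("per minute" in the question)
THRESHOLD = 5        # assumed limit of denials per window; tune to your traffic

def sample_log():
    """Constructed sample lines in Squid's native access.log format."""
    fmt = "{:.3f} 5 {} {}/{} 1456 GET http://example.invalid/ - NONE/- text/html"
    lines = [fmt.format(1102000000 + 2 * i, "192.0.2.10", "TCP_DENIED", 403) for i in range(7)]
    lines += [fmt.format(1102000000 + 30 * i, "192.0.2.30", "TCP_DENIED", 403) for i in range(6)]
    lines.append(fmt.format(1102000005, "192.0.2.20", "TCP_MISS", 200))
    lines.sort()                      # equal-width timestamps sort chronologically
    lines.append("truncated line")    # malformed entry, must be skipped
    return lines

def parse_line(line):
    """Return (timestamp, client_ip, result_code), or None for a malformed line."""
    fields = line.split()
    if len(fields) < 4:
        return None
    try:
        ts = float(fields[0])
        # Validate the client field so only a real address can ever reach the
        # firewall command; hostnames (log_fqdn) and junk are rejected here.
        ip = ipaddress.ip_address(fields[2])
    except ValueError:
        return None
    return ts, str(ip), fields[3].split("/")[0]

def find_offenders(lines, window=WINDOW_SECONDS, threshold=THRESHOLD):
    """Return client IPs with more than `threshold` denials inside `window` seconds."""
    recent = defaultdict(deque)  # ip -> timestamps of recent denials
    offenders = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, code = parsed
        if code != "TCP_DENIED" or ip in offenders:
            continue
        stamps = recent[ip]
        stamps.append(ts)
        while ts - stamps[0] > window:   # drop denials older than the window
            stamps.popleft()
        if len(stamps) > threshold:
            offenders.append(ip)         # caller adds the firewall rule here
            del recent[ip]
    return offenders

if __name__ == "__main__":
    print(find_offenders(sample_log()))
```

For live use, feed `find_offenders` an iterator that follows the log file and expire the resulting firewall rules after a fixed period, so an address that is reassigned or cleaned up is not blocked indefinitely.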